a10_rule_set_rule
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| rule_set_name str/required | | Key to identify parent object |
| name str/required | | Rule name |
| remark str | | Rule entry comment (Notes for this rule) |
| status str | | ‘enable’= Enable rule; ‘disable’= Disable rule; |
| action str | | ‘permit’= permit; ‘deny’= deny; ‘reset’= reset; |
| log bool | | Enable logging |
| reset_lid int | | Apply a Template LID |
| listen_on_port bool | | Listen on port |
| policy str | | ‘cgnv6’= Apply CGNv6 policy; ‘forward’= Forward packet; |
| forward_listen_on_port bool | | Listen on port |
| lid int | | Apply a Template LID |
| listen_on_port_lid int | | Apply a Template LID |
| fw_log bool | | Enable logging |
| fwlog bool | | Enable logging |
| cgnv6_log bool | | Enable logging |
| forward_log bool | | Enable logging |
| lidlog bool | | Enable logging |
| reset_lidlog bool | | Enable logging |
| listen_on_port_lidlog bool | | Enable logging |
| cgnv6_policy str | | ‘lsn-lid’= Apply specified CGNv6 LSN LID; ‘fixed-nat’= Apply CGNv6 Fixed NAT; |
| cgnv6_fixed_nat_log bool | | Enable logging |
| cgnv6_lsn_lid int | | LSN LID |
| cgnv6_lsn_log bool | | Enable logging |
| ip_version str | | ‘v4’= IPv4 rule; ‘v6’= IPv6 rule; |
| src_class_list str | | Match source IP against class-list |
| src_geoloc_name str | | Single geolocation name |
| src_geoloc_list str | | Geolocation name list |
| src_geoloc_list_shared bool | | Use Geolocation list from shared partition |
| src_ipv4_any str | | ‘any’= Any IPv4 address; |
| src_ipv6_any str | | ‘any’= Any IPv6 address; |
| source_list list | | Field source_list |
| src_ip_subnet str | | IPv4 IP Address |
| src_ipv6_subnet str | | IPv6 IP Address |
| src_obj_network str | | Network object |
| src_obj_grp_network str | | Network object group |
| src_slb_server str | | SLB Real server name |
| src_zone str | | Zone name |
| src_zone_any str | | ‘any’= any; |
| src_threat_list str | | Bind threat-list for source IP based filtering |
| dst_class_list str | | Match destination IP against class-list |
| dst_geoloc_name str | | Single geolocation name |
| dst_geoloc_list str | | Geolocation name list |
| dst_geoloc_list_shared bool | | Use Geolocation list from shared partition |
| dst_ipv4_any str | | ‘any’= Any IPv4 address; |
| dst_ipv6_any str | | ‘any’= Any IPv6 address; |
| dest_list list | | Field dest_list |
| dst_ip_subnet str | | IPv4 IP Address |
| dst_ipv6_subnet str | | IPv6 IP Address |
| dst_obj_network str | | Network object |
| dst_obj_grp_network str | | Network object group |
| dst_slb_server str | | SLB Real server name |
| dst_slb_vserver str | | SLB Virtual server name |
| dst_domain_list str | | Match destination IP against domain-list |
| dst_zone str | | Zone name |
| dst_zone_any str | | ‘any’= any; |
| dst_threat_list str | | Bind threat-list for destination IP based filtering |
| service_any str | | ‘any’= any; |
| service_list list | | Field service_list |
| protocols str | | ‘tcp’= tcp; ‘udp’= udp; ‘sctp’= sctp; |
| proto_id int | | Protocol ID |
| obj_grp_service str | | service object group |
| icmp bool | | ICMP |
| icmpv6 bool | | ICMPv6 |
| icmp_type int | | ICMP type number |
| special_type str | | ‘any-type’= Any ICMP type; ‘echo-reply’= Type 0, echo reply; ‘echo-request’= Type 8, echo request; ‘info-reply’= Type 16, information reply; ‘info-request’= Type 15, information request; ‘mask-reply’= Type 18, address mask reply; ‘mask-request’= Type 17, address mask request; ‘parameter-problem’= Type 12, parameter problem; ‘redirect’= Type 5, redirect message; ‘source-quench’= Type 4, source quench; ‘time-exceeded’= Type 11, time exceeded; ‘timestamp’= Type 13, timestamp; ‘timestamp-reply’= Type 14, timestamp reply; ‘dest-unreachable’= Type 3, destination unreachable; |
| icmp_code int | | ICMP code number |
| special_code str | | ‘any-code’= Any ICMP code; ‘frag-required’= Code 4, fragmentation required; ‘host-unreachable’= Code 1, destination host unreachable; ‘network-unreachable’= Code 0, destination network unreachable; ‘port-unreachable’= Code 3, destination port unreachable; ‘proto-unreachable’= Code 2, destination protocol unreachable; ‘route-failed’= Code 5, source route failed; |
| icmpv6_type int | | ICMPv6 type number |
| special_v6_type str | | ‘any-type’= Any ICMPv6 type; ‘dest-unreachable’= Type 1, destination unreachable; ‘echo-reply’= Type 129, echo reply; ‘echo-request’= Type 128, echo request; ‘packet-too-big’= Type 2, packet too big; ‘param-prob’= Type 4, parameter problem; ‘time-exceeded’= Type 3, time exceeded; |
| icmpv6_code int | | ICMPv6 code number |
| special_v6_code str | | ‘any-code’= Any ICMPv6 code; ‘addr-unreachable’= Code 3, address unreachable; ‘admin-prohibited’= Code 1, admin prohibited; ‘no-route’= Code 0, no route to destination; ‘not-neighbour’= Code 2, not neighbor; ‘port-unreachable’= Code 4, destination port unreachable; |
| eq_src_port int | | Equal to the port number |
| gt_src_port int | | Greater than the port number |
| lt_src_port int | | Lower than the port number |
| range_src_port int | | Port range (Starting Port Number) |
| port_num_end_src int | | Ending Port Number |
| eq_dst_port int | | Equal to the port number |
| gt_dst_port int | | Greater than the port number |
| lt_dst_port int | | Lower than the port number |
| range_dst_port int | | Port range (Starting Port Number) |
| port_num_end_dst int | | Ending Port Number |
| sctp_template str | | SCTP Template |
| alg str | | ‘FTP’= FTP; ‘TFTP’= TFTP; ‘SIP’= SIP; ‘DNS’= DNS; ‘PPTP’= PPTP; ‘RTSP’= RTSP; |
| gtp_template str | | Configure GTP template (GTP Template Name) |
| idle_timeout int | | TCP/UDP idle-timeout |
| application_any str | | ‘any’= any; |
| app_list list | | Field app_list |
| obj_grp_application str | | Application object group |
| protocol str | | Specify application(s) |
| protocol_tag str | | ‘aaa’= Protocol/application used for AAA (Authentication, Authorization and Accounting) purposes.; ‘adult-content’= Adult content.; ‘advertising’= Advertising networks and applications.; ‘analytics-and-statistics’= user-analytics and statistics.; ‘anonymizers-and-proxies’= Traffic-anonymization protocol/application.; ‘audio-chat’= Protocol/application used for Audio Chat.; ‘basic’= Protocols required for basic classification, e.g., ARP, HTTP; ‘blog’= Blogging platform.; ‘cdn’= Protocol/application used for Content-Delivery Networks.; ‘chat’= Protocol/application used for Text Chat.; ‘classified-ads’= Protocol/application used for Classified ads.; ‘cloud-based-services’= SaaS and/or PaaS cloud based services.; ‘crowdfunding’= Service for funding a project or venture by raising small amounts of money from a large number of people.; ‘cryptocurrency’= Cryptocurrency.; ‘database’= Database-specific protocols.; ‘disposable-email’= Disposable email accounts.; ‘ebook-reader’= Services for e-book readers.; ‘email’= Native email protocol.; ‘enterprise’= Protocol/application used in an enterprise network.; ‘file-management’= Protocol/application designed specifically for file management and exchange, e.g., Dropbox, SMB; ‘file-transfer’= Protocol that offers file transferring as a functionality as a secondary feature, e.g., Skype, Whatsapp; ‘forum’= Online forum.; ‘gaming’= Protocol/application used by games.; ‘instant-messaging-and-multimedia-conferencing’= Protocol/application used for Instant messaging or multiconferencing.; ‘internet-of-things’= Internet Of Things protocol/application.; ‘mobile’= Mobile-specific protocol/application.; ‘map-service’= Digital Maps service.; ‘multimedia-streaming’= Protocol/application used for multimedia streaming.; ‘networking’= Protocol used for (inter) networking purpose.; ‘news-portal’= Protocol/application used for News Portals.; ‘peer-to-peer’= Protocol/application used for Peer-to-peer purposes.; ‘remote-access’= Protocol/application used for remote access.; ‘scada’= SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’= Social networking application.; ‘software-update’= Auto-update protocol.; ‘standards-based’= Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’= Transportation.; ‘video-chat’= Protocol/application used for Video Chat.; ‘voip’= Application used for Voice over IP.; ‘vpn-tunnels’= Protocol/application used for VPN or tunneling purposes.; ‘web’= Application based on HTTP/HTTPS.; ‘web-e-commerce’= Protocol/application used for E-commerce websites.; ‘web-search-engines’= Protocol/application used for Web search portals.; ‘web-websites’= Protocol/application used for Company Websites.; ‘webmails’= Web email application.; ‘web-ext-adult’= Web Extension Adult; ‘web-ext-auctions’= Web Extension Auctions; ‘web-ext-blogs’= Web Extension Blogs; ‘web-ext-business-and-economy’= Web Extension Business and Economy; ‘web-ext-cdns’= Web Extension CDNs; ‘web-ext-collaboration’= Web Extension Collaboration; ‘web-ext-computer-and-internet-info’= Web Extension Computer and Internet Info; ‘web-ext-computer-and-internet-security’= Web Extension Computer and Internet Security; ‘web-ext-dating’= Web Extension Dating; ‘web-ext-educational-institutions’= Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’= Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’= Web Extension Fashion and Beauty; ‘web-ext-file-share’= Web Extension File Share; ‘web-ext-financial-services’= Web Extension Financial Services; ‘web-ext-gambling’= Web Extension Gambling; ‘web-ext-games’= Web Extension Games; ‘web-ext-government’= Web Extension Government; ‘web-ext-health-and-medicine’= Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’= Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’= Web Extension Internet Portals; ‘web-ext-job-search’= Web Extension Job Search; ‘web-ext-local-information’= Web Extension Local Information; ‘web-ext-malware’= Web Extension Malware; ‘web-ext-motor-vehicles’= Web Extension Motor Vehicles; ‘web-ext-music’= Web Extension Music; ‘web-ext-news’= Web Extension News; ‘web-ext-p2p’= Web Extension P2P; ‘web-ext-parked-sites’= Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’= Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’= Web Extension Real Estate; ‘web-ext-reference-and-research’= Web Extension Reference and Research; ‘web-ext-search-engines’= Web Extension Search Engines; ‘web-ext-shopping’= Web Extension Shopping; ‘web-ext-social-network’= Web Extension Social Network; ‘web-ext-society’= Web Extension Society; ‘web-ext-software’= Web Extension Software; ‘web-ext-sports’= Web Extension Sports; ‘web-ext-streaming-media’= Web Extension Streaming Media; ‘web-ext-training-and-tools’= Web Extension Training and Tools; ‘web-ext-translation’= Web Extension Translation; ‘web-ext-travel’= Web Extension Travel; ‘web-ext-web-advertisements’= Web Extension Web Advertisements; ‘web-ext-web-based-email’= Web Extension Web based Email; ‘web-ext-web-hosting’= Web Extension Web Hosting; ‘web-ext-web-service’= Web Extension Web Service; |
| track_application bool | | Enable application statistic |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| sampling_enable list | | Field sampling_enable |
| counters1 str | | ‘all’= all; ‘hit-count’= Hit counts; ‘permit-bytes’= Permitted bytes counter; ‘deny-bytes’= Denied bytes counter; ‘reset-bytes’= Reset bytes counter; ‘permit-packets’= Permitted packets counter; ‘deny-packets’= Denied packets counter; ‘reset-packets’= Reset packets counter; ‘active-session-tcp’= Active TCP session counter; ‘active-session-udp’= Active UDP session counter; ‘active-session-icmp’= Active ICMP session counter; ‘active-session-other’= Active other protocol session counter; ‘session-tcp’= TCP session counter; ‘session-udp’= UDP session counter; ‘session-icmp’= ICMP session counter; ‘session-other’= Other protocol session counter; ‘active-session-sctp’= Active SCTP session counter; ‘session-sctp’= SCTP session counter; ‘hitcount-timestamp’= Last hit counts timestamp; |
| move_rule dict | | Field move_rule |
| location str | | ‘top’= top; ‘before’= before; ‘after’= after; ‘bottom’= bottom; |
| target_rule str | | Field target_rule |
| oper dict | | Field oper |
| hitcount int | | Field hitcount |
| last_hitcount_time str | | Field last_hitcount_time |
| action str | | Field action |
| status str | | Field status |
| permitbytes int | | Field permitbytes |
| denybytes int | | Field denybytes |
| resetbytes int | | Field resetbytes |
| totalbytes int | | Field totalbytes |
| permitpackets int | | Field permitpackets |
| denypackets int | | Field denypackets |
| resetpackets int | | Field resetpackets |
| totalpackets int | | Field totalpackets |
| activesessiontcp int | | Field activesessiontcp |
| activesessionudp int | | Field activesessionudp |
| activesessionicmp int | | Field activesessionicmp |
| activesessionsctp int | | Field activesessionsctp |
| activesessionother int | | Field activesessionother |
| activesessiontotal int | | Field activesessiontotal |
| sessiontcp int | | Field sessiontcp |
| sessionudp int | | Field sessionudp |
| sessionicmp int | | Field sessionicmp |
| sessionsctp int | | Field sessionsctp |
| sessionother int | | Field sessionother |
| sessiontotal int | | Field sessiontotal |
| name str | | Rule name |
| stats dict | | Field stats |
| hit_count str | | Hit counts |
| permit_bytes str | | Permitted bytes counter |
| deny_bytes str | | Denied bytes counter |
| reset_bytes str | | Reset bytes counter |
| permit_packets str | | Permitted packets counter |
| deny_packets str | | Denied packets counter |
| reset_packets str | | Reset packets counter |
| active_session_tcp str | | Active TCP session counter |
| active_session_udp str | | Active UDP session counter |
| active_session_icmp str | | Active ICMP session counter |
| active_session_other str | | Active other protocol session counter |
| session_tcp str | | TCP session counter |
| session_udp str | | UDP session counter |
| session_icmp str | | ICMP session counter |
| session_other str | | Other protocol session counter |
| active_session_sctp str | | Active SCTP session counter |
| session_sctp str | | SCTP session counter |
| hitcount_timestamp str | | Last hit counts timestamp |
| name str | | Rule name |